A set of practical trainings is proposed to get an overview and to understand the STM32H5 security solutions.
These trainings are based on the boards, tools and code examples provided by ST.
This article gives an overview of these proposed trainings.
For the examples listed below, each step to be done is described in detail.
It is advised to start with these examples before making your own trials or using other security related examples available in the STM32Cube_FW_H5.
| Product Serie | STM32H503 | STM32H563 | STM32H573 | Prerequisite | Introduction article |
|---|---|---|---|---|---|
| Ecosystem | Nucleo MB1814-H503RB | Nucleo MB1404-H563ZI | Discovery STM32H573I-DK | ||
| STM32CubeMX OEMiROT example on STM32H573 | Link to How To | STM32CubeMx_V6.9.0 or later | Link | ||
| STM32CubeMX OEMiROT example on STM32H563 | Link to How To | STM32CubeMx_V6.9.0 or later | Link | ||
| STM32CubeMX STiROT example on STM32H573 | Link to How To | STM32CubeMx_V6.9.0 or later | Link | ||
| STM32CubeMX Secure Manager example | Link to How To | STM32CubeMx_V6.9.0 or later | Link | ||
| DA on STM32H57 (TZ=0) example | Link to How To | Link to How To | STM32CubeFW_H5_V1.0.0 or later | Link | |
| DA on STM32H503 example | Link to How To | STM32CubeFW_H5_V1.0.0 or later | Link | ||
| OEMiROT on STM32H57/6 (TZ =1) example | Link to How To | Link to How To | STM32CubeFW_H5_V1.0.0 or later | Link | |
| OEMiROT on STM32H503 example | Link to How To | STM32CubeFW_H5_V1.0.0 or later | Link | ||
| STiROT on STM32H57 example | Link to How To | STM32CubeFW_H5_V1.0.0 or later | Link | ||
| Secure Manager on STM32H573 | Link to How To | STM32CubeFW_H5_V1.0.0 or later | Link |
1. Secure Boot
The Secure Boot and related Root of Trust is implicitly used in all the proposed " How to start" step by step examples.
But a bootpath can be defined from scratch and a related firmware frame generated using the STM32CubeMx.
The proposed example on this topic is based on STM32CubeMx
- The Secure_Boot_for_STM32H5 wiki article explains the possible bootpaths for the different STM32H5 series.
- The How_to_intro_Secure_boot_for_STM32H5 wiki article gives a short technical introduction to be read before executing the getting started.
- The How_to_start_with_STM32CubeMX_OEMiROT_Boot_path_on_STM32H573 wiki article explains step by step how to proceed.
2. Debug Authentication
It is key to well understand how to set the Debug Authentication in order to define the wanted rights to reopen the debugger once closed.
- It is strongly advised to read Debug_Authentication_for_STM32H5_MCUs wiki article.
- The Debug_Authentication_STM32H5_How_to_Introduction wiki article summarizes all the technical know-how to be read before executing the getting started.
- Two getting started dedicated to the DA are proposed, using for the user application firmware the GPIO_IOToggle of the STM32CubeFW.
- Two further getting started examples address the Debug Authentication including a step-by-step section showing the principle of the certificate chain and how to use it. But it needs to execute the related step-by-step starting from the beginning.
- Part of the STiROT how to start: How_to_start_with_ST-iROT_on_STM32H573#Debug_Authentication
- Part of the OEMiROT how to start: How_to_start_with_OEM-iROT_on_STM32H573_%E2%80%93_TrustZone_enabled#OEMiROT_Step_by_step-_Debug_Authentication
3. OEMiROT
An OEM can develop his own customized Immutable Root Of Trust (OEMiROT).
It is advised to read the Secure_Boot_for_STM32H5 wiki article to understand the different possible Root of Trust.
- The OEMiROT_STM32H5_How_to_Introduction wiki article gives a short technical introduction to be read before executing the getting started.
- Two getting started dedicated to the OEMiROT based on the STM32CubeFW are proposed:
4. STiROT
An immutable root of trust defined by ST is included natively for the STM32H57x serie.
It's an embedded firmware stored in the system flash and that can't be modified.
It is advised to read the Secure_Boot_for_STM32H5 wiki article to understand the different possible Root of Trust.
- The STiROT_STM32H5_How_to_intro wiki article gives a short technical introduction to be read before executing the getting started.
- The How_to_start_with_ST-iROT_on_STM32H573 provides an example based on the STM32CubeFW
5. Secure Manager
rrrr